{ "name": "Millenium: A RAT Rewritten, A Threat Multiplied", "slug": "millenium-a-rat-rewritten-a-threat-multiplied", "description": "Group-IB analyzes Millenium RAT version 4.*, a remote access trojan that has undergone significant architectural changes from .NET to native C++, while continuing to leverage Telegram Bot API for command and control without requiring dedicated server infrastructure. The malware is distributed as Malware-as-a-Service by developer 'ShinyEnigma' for $50-90 USD. Active exploitation campaigns are conducted by threat actor cluster 'Y2K Operators' using social engineering tactics including fraudulent utilities, hacking toolkits, software cracks, gaming lures, and trojanized cybercrime tools. The trojan enables exfiltration of sensitive browser and system data, screenshot and audio capture, keylogging, and arbitrary executable downloads. Over 62,000 compromised endpoints across more than 160 countries have been identified, with 39,730 infections occurring in Q1 2026 alone, demonstrating accelerating infection rates.", "published": "2026-06-25T18:43:48.999000+00:00", "created_at": "2026-06-26T08:37:58.556000+00:00", "modified_at": null, "created_at_opencti": "2026-06-26T08:37:58.556000+00:00", "author": "AlienVault", "confidence": 100, "report_types": [ "threat-report" ], "labels": [ "asyncrat", "millenium rat", "njrat", "shinyenigma", "xworm", "y2k operators" ], "tags": [], "related_entities": { "indicators": [ { "id": "1fc3a80c-035e-472b-9a09-2a35bab1fa87", "name": "a8acc24bb3e6a1a3b66a31ceaefda07d4a0e17415468683458b499f2ba240450" }, { "id": "de691d3a-0e81-429b-86b4-9978625f3288", "name": "http://158.94.208.168/files/8514679081/DRTjyu7.exe" }, { "id": "353a04c2-f4c7-45a0-8f19-e68e1967da69", "name": "a4b34b94a905fe330b0a3e4502aa45356e383a8f45ff1d008b785ea0ec14acaf" }, { "id": "fefa87bf-63eb-43b0-b931-f5ff957c5166", "name": "7d8b6a64f7b65b281e7b5568929c6f96c62bbae9628162aabe7d8140a86d3de8" }, { "id": "96f26bcd-5ef3-4e5d-ad09-18bb95cb0873", "name": "http://kuttabilla.top/mr.exe" }, { "id": "bf012177-7841-49f3-abe7-c66462da4af3", "name": "1d699a46339626db299548e32ed3a77eec267840c3de39b49caf38b88aeb150d" }, { "id": "3ca46d23-b3b3-4d89-8d41-5878c4585d32", "name": "https://blackhatusa.com/clip.exe" }, { "id": "299b13df-4810-4ac5-9573-f9f6eb10af24", "name": "https://blackhatusa.com/update.exe" }, { "id": "6595ccf8-c371-4912-84a2-092d4c94aa61", "name": "2d5615acd1b0666995fd124fb72f2713c6609b5368350340288b52fecbdd016d" }, { "id": "b1f1267f-704a-4aa7-afdf-21b0cfd7ea1c", "name": "7a370a9262d37de6a24706f92ff0cdded7202281a6ff3bf313721756226ebff9" }, { "id": "df26c8cc-e1a9-4bec-9c45-90ced31e20ff", "name": "modedapk.net" }, { "id": "b14371e6-dd48-4f04-b883-6cb002ecf6d9", "name": "4e035575be8fe350a9e36cf29dbbc8826af2f772672bd08c9e489a243cb90e31" }, { "id": "095e42aa-452b-468c-91cf-54e0e661c2f5", "name": "ccca11a6d5835999c40a0a5264084b3740633600c157754fad2ef59559e31736" }, { "id": "a409ac40-fc5e-4a19-95cd-2c643e6ca4db", "name": "8bef879c6920cdce7c01b8dbb7da24dca23b8822a7aa00dfc72cb32f55879a24" }, { "id": "78b71b07-cc1b-41d7-9d1a-9ab1e4142c27", "name": "ad74f502cc37e815482df49f118b2f678daf1a3f522daf07a2abeb32c2ed3831" }, { "id": "aa616c58-e6e6-4485-84b7-f901363dce33", "name": "2267d05dbd5e30c6dfcdde25731280dd755e689faa684bd21cfbef5281fd3e86" }, { "id": "ac1be9ab-0de2-446e-831b-25f3298a5b96", "name": "3e17ce0b30b9fd6863b341ae58ee118dc13f2ee7f1c92ac4b81c04d54480d0e0" }, { "id": "64bee994-f5b0-4328-bc8f-043f22cc0684", "name": "307964ed02f34bff4e40c5402cc936be07fd9957ef400596a4b3e2cd98c50ec1" }, { "id": "a555182f-4b42-4802-bfef-01d8f5cb5fbf", "name": "a97f15d7bfad02a600eba426c3ef72be34e944a7c8364a975c53866735f7aa4e" }, { "id": "e8a69c31-8c41-4a4f-b981-b4ee502aac3e", "name": "fc41c336b79cbc6559a17d716b84101dbef1adc5357b643a75111af442719611" }, { "id": "82ac3b67-2254-451e-9b83-67582d917e79", "name": "aa2ccd18a7a09f66ca5c1bbd927f7fe411bd3874df77b0eaf40738dab7566606" }, { "id": "389c0d82-1a34-4835-bbbb-e2ae6d29b8a2", "name": "1d52ded1f3838a1eee849ae20b2fee6c84b183cc98abe7244365b9f34b925eea" }, { "id": "a7815a3b-4e27-47cd-afff-8b6639f8f5c2", "name": "https://75877.mcdir.me/files/2.vbs" }, { "id": "a07364cd-a1ba-4236-9ba1-2cad812741ff", "name": "57edeb575862ce8d3bff2eb4d32d9e3fa1ffb7cb8f818e2e7fc6d25a506faea6" }, { "id": "7559193e-6b85-4f8d-8272-dceeba8863d6", "name": "848036661c71b80ee41566918faa5eae3bf4f03ae807bb4af42cb483b6c141e2" }, { "id": "2a382970-4f88-4e07-8413-a6c307104b70", "name": "d55ce447e249ef9045750865fa196c8ca8434c8c484f861b7bdecbceeab7c16e" }, { "id": "ca239200-b34d-45b3-99be-94b95e45ffa5", "name": "8419b1f0acca46d45f4c54c315c8cc4784946e07d547fe55187b928fa6c6b8f5" }, { "id": "b2fac352-ace5-4dd1-89af-f5906b5fbd4e", "name": "https://blackhatusa.com/setup.exe" }, { "id": "e0ff4f0c-a3c2-4a69-baad-4805319a6171", "name": "a911fe0259772906447d7e80a902ea954f3530edd9ea7d0427b6380707a8e681" }, { "id": "27ab0faa-9ffd-4446-9f73-fc29e55eeed3", "name": "4991873515d6dea70d7769cf67ccd8ea69184e5e454a6e6d1e093b6a3c48eb47" }, { "id": "43c9a16b-8d68-459c-b776-4adfc37fca24", "name": "130.12.180.43" }, { "id": "d9e5584b-2ec8-4a49-bfb1-2f6cb339c7ed", "name": "kuttabilla.top" }, { "id": "c8d47e3a-cae6-49b3-9f73-dbe768d8c526", "name": "66bf111030a2e22db575c0b7b7b677208745eef8b44265bb4259f41f126f1bf8" }, { "id": "04897150-63c5-422c-8bbd-a145a63c73ae", "name": "5562246e38f8935ba8b07350e6aaa44bc22abf37b77f49836fde5999f4b61cf1" }, { "id": "8429beb1-58b0-449b-b6d5-323cf6787889", "name": "88f9e169a85dcf6a1c03bf3ca1b1a262ed32baeca46cb87f0324adfdc098d4a2" }, { "id": "26b970ce-3b30-4b9a-a566-6bf4f5c0891a", "name": "e4496565d9fd2f9425c10a98d3a8632c12af5fe4259484cb202d7f65532b7df2" }, { "id": "848a827e-50ac-4183-8e66-d3aafd93873e", "name": "512adab2c69feaf026adfb12cbd7d2eb4fee746120491e44f476eebddcbb19f2" }, { "id": "43a3ca21-b913-4fef-8984-4481f1e39e11", "name": "8f8a71352d2f18162f2f74090dc6f0cae6b37029e3244e6522825ade75163055" }, { "id": "18a6ba36-9b9b-4b0b-a45f-5a041a46ad1e", "name": "http://blackhatusa.com/mr.exe" }, { "id": "4b7bbc63-0ddf-46e9-ba5b-5cd6a8987159", "name": "de3842bbb6626912d5b9b01fb775e1843004edb5855d4e627fd74b88bc7fe33b" }, { "id": "afba7e4e-2ab5-4e3a-a640-44da49cd85dd", "name": "75877.mcdir.me" }, { "id": "b6cefe41-3208-47b7-b983-c6f1124ca86f", "name": "cc47209d2e4d5a9b2b1d71622b0ad7f73e9c4aa56edd9aaf1e29265650c30f16" }, { "id": "0d886799-4b53-46b3-b312-941427634d67", "name": "12b41c07299d2535f7cdc194d97496acd944a9eb5d94b8d24b19291ed9d0830c" }, { "id": "3f1d7ac7-30a8-4e5e-ac42-30c630e72932", "name": "85816d89dac648645a9026973772815e956c267232b3d2577a06a43418f19ed3" }, { "id": "99835eb2-af8c-45ab-83e5-59941f965f23", "name": "milleniumrat.online" }, { "id": "661e21f6-7600-4b10-b7f6-5a6ee55b0ec3", "name": "https://www.thesnapchatmodapk.com/update1.exe" }, { "id": "cab65339-8c5b-472f-9548-5a2214102a99", "name": "ad0f892b7b99b68491ade4949ef6b575e64d9df5f84a53019b5c1e4eeb4c46a9" }, { "id": "16c9311b-cbb9-4a2c-b507-65a4bbd34090", "name": "https://modedapk.net/update1.exe" }, { "id": "8ff55c5f-d856-45f3-8799-92ef01dfef67", "name": "158.94.208.168" }, { "id": "b00836ed-255c-4720-b454-1f1c34ec1061", "name": "19e0070e5009bd5b376b9be997361d0773dcb004200ee8fafe6c14b96cbd93e4" }, { "id": "c4b6ef3b-c327-412e-ad1a-56385dd5bb1d", "name": "1c01ab1b59245f24ebdc5d9c414fcf4e2ce31f71f181522efc5a3d27476c8e21" }, { "id": "20b25fc1-4146-4b35-a9ea-90acc44edb04", "name": "blackhatusa.com" }, { "id": "16de7ac5-b10e-468e-a0d8-d2d5bc038d6b", "name": "2d8e5a2763f9a899fda44390d5b8495836c11fb266a61868d52d1f397c5243ee" }, { "id": "1d2c9d3a-00db-4d10-9ae9-1bf66d0b1d6f", "name": "92710bdb44279dbe8ccff34ba698d1558fa6d271c99ed4960ccbfb6d518d9418" }, { "id": "3490528f-b11c-49c2-8bb1-0e3dc8ec9d1d", "name": "62.60.226.97" }, { "id": "23b5f784-d146-4582-8966-81c0d6b8fcc5", "name": "https://milleniumrat.online" }, { "id": "ece4aa26-a2dc-47db-bc8f-0ef8d26fb2b5", "name": "http://130.12.180.43/files/7924412375/upOSLDn.exe" }, { "id": "9d0575b0-94d1-456b-9995-361c60848213", "name": "5a23ca644cb1f310be1abd5f6c6a3b3e15681ced99b0947a7f3465a79aae5089" }, { "id": "baa47148-12be-4ceb-9991-bd93ce091528", "name": "www.thesnapchatmodapk.com" }, { "id": "c3d16067-a2c1-4165-991f-fa6ae17f5709", "name": "https://75877.mcdir.me/files/doc1.exe" } ], "intrusion_sets": [ { "id": "283a11cc-69ed-4895-93da-9bcd3cc7a7b8", "name": "Y2K Operators", "slug": "y2k-operators" } ], "attack_patterns": [ { "id": "c473a756-355a-42ad-a0df-cd3a8fa006d1", "name": "T1057" }, { "id": "6ccd4566-e15e-40cf-b7df-4a3f737ce5cd", "name": "T1036.005" }, { "id": "32817170-4c07-427e-b8a5-80a733ae2550", "name": "T1497" }, { "id": "eaff4611-3c78-4127-8745-726f77ed68ba", "name": "T1070.004" }, { "id": "cf746a02-00ea-419e-912d-7b03f969c491", "name": "T1518.001" }, { "id": "93b2c4dd-5523-4464-8976-78754ee372fd", "name": "T1012" }, { "id": "b7ba0db0-7d4f-436f-8d5f-c431d690b048", "name": "T1555.003" }, { "id": "d03ba136-5188-4224-876c-26255d8c8a5b", "name": "T1217" }, { "id": "3e753709-1776-42f4-b465-278cb5f6ea6b", "name": "T1614" }, { "id": "d048ac4b-dd28-4c66-b62b-fe25cefef481", "name": "T1548.002" }, { "id": "32b33067-6566-4b8d-be80-e96f765d84de", "name": "T1059.001" }, { "id": "29398669-98ed-4766-9dac-f9632f7175ff", "name": "T1518" }, { "id": "196f2a64-c55b-47a6-8e38-beb76ba700b6", "name": "T1204.002" }, { "id": "6b2e0999-c7e8-4662-94ac-19aa8520ee46", "name": "T1059.003" }, { "id": "60972cf6-e90b-4600-af3c-13c468391d9c", "name": "T1106" }, { "id": "b7c6c1ad-f183-4128-8427-3891029c73dc", "name": "T1539" }, { "id": "5999052b-e9ae-49e8-9235-d9bf975c22af", "name": "T1547.001" }, { "id": "7364ca96-72bf-4b7f-afef-ce2583b1ed58", "name": "T1562.001" }, { "id": "0156fcda-e385-4662-b388-086c3e16feec", "name": "T1140" }, { "id": "45082a8e-9c79-470e-ad1b-decac7188e8f", "name": "T1083" }, { "id": "70616b2f-4019-4963-b758-5d9f6f20e201", "name": "T1082" } ], "malware": [ { "id": "50b0256e-3b81-4f32-b915-979cc893dc27", "name": "LV", "slug": "lv" }, { "id": "82e2ea8e-729a-4648-ba23-3a792f53fa15", "name": "XWorm", "slug": "xworm" }, { "id": "f200fb60-5446-493f-9712-9f26d65956cc", "name": "AsyncRAT", "slug": "asyncrat" }, { "id": "a88cf653-3ec6-40f9-84a8-ec05b54b1099", "name": "njRAT - S0385", "slug": "njrat-s0385" }, { "id": "c8b16d7d-df63-4f66-bb65-a4c6679c2fbc", "name": "Millenium RAT", "slug": "millenium-rat" } ], "observables": [ { "id": "07a8f92e-02b7-4b67-b5f6-7cda88a5e597", "name": "milleniumrat.online" }, { "id": "96f5f5ff-2a89-4c5c-adfc-13895b22d858", "name": "kuttabilla.top" }, { "id": "46a03a24-43fd-4a26-a3a2-dbe2dcfee528", "name": "modedapk.net" }, { "id": "592b2b26-4a79-4e17-8ee7-141264cafa9b", "name": "blackhatusa.com" }, { "id": "626e4149-0d56-4ea2-ad7c-9c01dec479b0", "name": "www.thesnapchatmodapk.com" }, { "id": "0588eb06-ad70-49a8-ac74-679de91c0dd7", "name": "75877.mcdir.me" }, { "id": "4c95c560-9cb3-4173-a2fc-6f1cfc9ffc2e", "name": "62.60.226.97" }, { "id": "d2579d77-c2a5-4f3f-9b05-148718dd8106", "name": "130.12.180.43" }, { "id": "ce0c3ee5-43ef-413a-8708-80514467e3f4", "name": "158.94.208.168" }, { "id": "c07b39fe-9aaa-4e47-8c43-72cb9bb51398", "name": "https://www.thesnapchatmodapk.com/update1.exe" }, { "id": "fa1afc75-552e-4b90-8af8-4006cbebff9a", "name": "http://158.94.208.168/files/8514679081/DRTjyu7.exe" }, { "id": "b7a45ebd-d89a-4426-acbe-24eda041dcc6", "name": "http://blackhatusa.com/mr.exe" }, { "id": "85c56799-dcaf-4d00-b34c-751947a87cb4", "name": "https://blackhatusa.com/clip.exe" }, { "id": "37323e4c-d95e-4af3-b569-33a1f4be4bb3", "name": "https://75877.mcdir.me/files/2.vbs" }, { "id": "b1edfafd-c596-4e08-bb27-a00814ab0520", "name": "https://75877.mcdir.me/files/doc1.exe" }, { "id": "9d8485cd-d24e-4257-92b2-670d46a758f1", "name": "http://kuttabilla.top/mr.exe" }, { "id": "dcb78a02-28fb-47fe-bbbb-b0dcbe772583", "name": "https://modedapk.net/update1.exe" }, { "id": "a230ba95-40fe-4106-8dad-b2de06d21f48", "name": "https://blackhatusa.com/update.exe" }, { "id": "92013b52-34a2-4042-9733-5d0e136d67de", "name": "https://blackhatusa.com/setup.exe" }, { "id": "d9108ee2-93c0-40c6-8d14-1ca6a8a5ffd3", "name": "https://milleniumrat.online" }, { "id": "0e915298-ed23-4803-be5b-0537e0275312", "name": "http://130.12.180.43/files/7924412375/upOSLDn.exe" } ] }, "external_refs": [ { "id": "f67607eb-e6a9-4e4f-bdc3-4867661f48b0", "standard_id": "external-reference--2883205f-129c-5e9b-89af-81333bdd105c", "entity_type": "External-Reference", "source_name": "AlienVault", "description": null, "url": "https://otx.alienvault.com/pulse/6a3d76e592eaea08a66ad337", "hash": null, "external_id": "6a3d76e592eaea08a66ad337", "created": "2026-06-26T08:37:51.917Z", "modified": "2026-06-26T08:37:51.917Z", "createdById": null }, { "id": "946f66f1-a626-4e5a-b827-c9aad9d146da", "standard_id": "external-reference--85e917cb-9715-5727-a9f7-5192c80ee17d", "entity_type": "External-Reference", "source_name": "AlienVault", "description": null, "url": "https://www.group-ib.com/blog/millenium-rat-maas/", "hash": null, "external_id": null, "created": "2026-06-26T08:37:52.622Z", "modified": "2026-06-26T08:37:52.622Z", "createdById": null } ] }